[pmwiki-users] Wiki security for ecommerce recipe

Marcus prima at wordit.com
Mon Apr 21 11:35:05 CDT 2008


On Sun, 20 Apr 2008 19:11:46 -0700
Dr Fred C <drfredc at verizon.net> wrote:

Hi Fred, Thanks for the feedback.

> If there has to be a cost, which is only reasonable since it's a
> commerce application, ideally it ought to be a one time (shareware)
> cost, with a free setup/testing period. 


It would be Open Source, no cost for the recipe. That way we hope
others here can contribute to its improvement.

Paid setup, support, or customisations could be offered.
That might be important to anybody with a serious business before they
adopt an Open Source solution.
 

> * No customer's purchase or private info is ever stored at the site.

Well, this was the issue. Store it or not. We are only talking address
and contact info here, *no* credit card details or other financial data.

I decided it's needed for several reasons. You may need a record for the
tax authorities to prove you were selling to real people. The billing
and shipping address may differ which is sent to payment processors so
you only get one of the two addresses. In a merchandise store you may
have a friend or spouse paying for goods shipped to their relative or
"significant other". I've found many payment processors do not provide
all the correct data.

Further, money laundering is a big issue now. It may not be of interest
unless you turn over a few 100,000 or a million, but nonetheless legally
you probably have to and in case of an audit you could get into trouble,
at least possibly be fined.

Your only alternative is to download the data to a hard disk and use a
desktop application to process invoicing. That's
very inflexible if you ever need to access data from elsewhere and that
misses the whole point of the Internet. You also have to reinstall it
all when updating your desktop computers...more cost and time.

If you use several payment processors, as many shops do to give
customers more options, then you have to retrieve the data in differing
CSV formats.

Finally, bank transfer payment offers the lowest processing cost when
customers have online access to their
bank accounts. It's catching on in many places and means you have the
money on your account straight away. If customers trust you, then they
don't mind doing that, unless they need to use credit that month. We
currently give the savings back to customers via a 3% discount, equal to
what we save on third party processing.

If you want to use bank transfer payment, then you need to record the
shipping details yourself.

Encrypting the data on your server secures it sufficiently. SSL
transfers secure the data between server and browser.


> I'd love to be able to change it over to a pmwiki estore for various
> reasons, particularly if management could be done via an excel (or
> OpenOffice.calc) file.


I see, you manage your data on a desktop PC, not online?

We could add an option to have the order data emailed to admins in CSV
format. That can be imported to Excel or OOo Calc. Shouldn't be
difficult. Encrypted with GnuPG if necessary.

Let me know if you have any other ideas, or whether I missed something
in my answers.

We are still at the initial design stage, but we have a working proof of
concept. Any and all constructive feedback is welcome.


Marcus
